Diffstat (limited to 'src/lib/libssl/src/apps/s_server.c')
-rw-r--r--src/lib/libssl/src/apps/s_server.c128
1 files changed, 0 insertions, 128 deletions
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 18717d8f23..22e3c18ada 100644
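--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -175,9 +175,6 @@
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
-#ifndef OPENSSL_NO_SRP
-#include <openssl/srp.h>
-#endif
 #include "s_apps.h"
 #include "timeouts.h"
 
@@ -349,47 +346,6 @@ out_err:
 }
 #endif
 
-#ifndef OPENSSL_NO_SRP
-/* This is a context that we pass to callbacks */
-typedef struct srpsrvparm_st {
- char *login;
- SRP_VBASE *vb;
- SRP_user_pwd *user;
-} srpsrvparm;
-
-/* This callback pretends to require some asynchronous logic in order to obtain
- a verifier. When the callback is called for a new connection we return
- with a negative value. This will provoke the accept etc to return with
- an LOOKUP_X509. The main logic of the reinvokes the suspended call
- (which would normally occur after a worker has finished) and we
- set the user parameters.
-*/
-static int
-ssl_srp_server_param_cb(SSL * s, int *ad, void *arg)
-{
- srpsrvparm *p = (srpsrvparm *) arg;
- if (p->login == NULL && p->user == NULL) {
- p->login = SSL_get_srp_username(s);
- BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
- return (-1);
- }
- if (p->user == NULL) {
- BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
- return SSL3_AL_FATAL;
- }
- if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v,
- p->user->info) < 0) {
- *ad = SSL_AD_INTERNAL_ERROR;
- return SSL3_AL_FATAL;
- }
- BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login, p->user->info);
- /* need to check whether there are memory leaks */
- p->user = NULL;
- p->login = NULL;
- return SSL_ERROR_NONE;
-}
-
-#endif
 
 static void
 s_server_init(void)
@@ -474,10 +430,6 @@ sv_usage(void)
  BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
 #endif
 #endif
-#ifndef OPENSSL_NO_SRP
- BIO_printf(bio_err, " -srpvfile file - The verifier file for SRP\n");
- BIO_printf(bio_err, " -srpuserseed string - A seed string for a default user salt.\n");
-#endif
  BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n");
  BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
  BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n");
@@ -727,9 +679,6 @@ int s_server_main(int, char **);
 #ifndef OPENSSL_NO_JPAKE
 static char *jpake_secret = NULL;
 #endif
-#ifndef OPENSSL_NO_SRP
-static srpsrvparm srp_callback_parm;
-#endif
 #ifndef OPENSSL_NO_SRTP
 static char *srtp_profiles = NULL;
 #endif
@@ -775,10 +724,6 @@ s_server_main(int argc, char *argv[])
  /* by default do not send a PSK identity hint */
  static char *psk_identity_hint = NULL;
 #endif
-#ifndef OPENSSL_NO_SRP
- char *srpuserseed = NULL;
- char *srp_verifier_file = NULL;
-#endif
  meth = SSLv23_server_method();
 
  local_argc = argc;
@@ -977,19 +922,6 @@ s_server_main(int argc, char *argv[])
  }
  }
 #endif
-#ifndef OPENSSL_NO_SRP
- else if (strcmp(*argv, "-srpvfile") == 0) {
- if (--argc < 1)
- goto bad;
- srp_verifier_file = *(++argv);
- meth = TLSv1_server_method();
- } else if (strcmp(*argv, "-srpuserseed") == 0) {
- if (--argc < 1)
- goto bad;
- srpuserseed = *(++argv);
- meth = TLSv1_server_method();
- }
-#endif
  else if (strcmp(*argv, "-www") == 0) {
  www = 1;
  } else if (strcmp(*argv, "-WWW") == 0) {
@@ -1535,22 +1467,6 @@ bad:
  }
 #endif
 
-#ifndef OPENSSL_NO_SRP
- if (srp_verifier_file != NULL) {
- srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
- srp_callback_parm.user = NULL;
- srp_callback_parm.login = NULL;
- if ((ret = SRP_VBASE_init(srp_callback_parm.vb, srp_verifier_file)) != SRP_NO_ERROR) {
- BIO_printf(bio_err,
- "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
- srp_verifier_file, ret);
- goto end;
- }
- SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
- SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
- SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
- } else
-#endif
  if (CAfile != NULL) {
  SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
 #ifndef OPENSSL_NO_TLSEXT
@@ -1866,17 +1782,6 @@ sv_body(char *hostname, int s, unsigned char *context)
  }
 #endif
  k = SSL_write(con, &(buf[l]), (unsigned int) i);
-#ifndef OPENSSL_NO_SRP
- while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
- BIO_printf(bio_s_out, "LOOKUP renego during write\n");
- srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
- if (srp_callback_parm.user)
- BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
- else
- BIO_printf(bio_s_out, "LOOKUP not successful\n");
- k = SSL_write(con, &(buf[l]), (unsigned int) i);
- }
-#endif
  switch (SSL_get_error(con, k)) {
  case SSL_ERROR_NONE:
  break;
@@ -1917,17 +1822,6 @@ sv_body(char *hostname, int s, unsigned char *context)
  } else {
  again:
  i = SSL_read(con, (char *) buf, bufsize);
-#ifndef OPENSSL_NO_SRP
- while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
- BIO_printf(bio_s_out, "LOOKUP renego during read\n");
- srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
- if (srp_callback_parm.user)
- BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
- else
- BIO_printf(bio_s_out, "LOOKUP not successful\n");
- i = SSL_read(con, (char *) buf, bufsize);
- }
-#endif
  switch (SSL_get_error(con, i)) {
  case SSL_ERROR_NONE:
  write(fileno(stdout), buf,
@@ -2002,17 +1896,6 @@ init_ssl_connection(SSL * con)
 
 
  i = SSL_accept(con);
-#ifndef OPENSSL_NO_SRP
- while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
- BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login);
- srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
- if (srp_callback_parm.user)
- BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
- else
- BIO_printf(bio_s_out, "LOOKUP not successful\n");
- i = SSL_accept(con);
- }
-#endif
  if (i <= 0) {
  if (BIO_sock_should_retry(i)) {
  BIO_printf(bio_s_out, "DELAY\n");
@@ -2223,17 +2106,6 @@ www_body(char *hostname, int s, unsigned char *context)
  for (;;) {
  if (hack) {
  i = SSL_accept(con);
-#ifndef OPENSSL_NO_SRP
- while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
- BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login);
- srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login);
- if (srp_callback_parm.user)
- BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info);
- else
- BIO_printf(bio_s_out, "LOOKUP not successful\n");
- i = SSL_accept(con);
- }
-#endif
  switch (SSL_get_error(con, i)) {
  case SSL_ERROR_NONE:
  break;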